Our ticket sales started a few weeks ago. Although our CFP is still running, we'll start giving sneak peeks into the upcoming program of the 2010 BruCON edition. This might convince some of you to grab that ticket at the early bird price, since some of them are limited in number.
With great pleasure we are announcing an exclusive workshop from Belgian security researcher Didier Stevens! And what better subject could there be than a workshop on malicious PDF analysis!
Workshops are part of the conference, and we will announce more about these and upcoming presentations in the coming week, so stay tuned! Also take a look at the BruCON training tracks prior to the conference.
This workshop will teach you the fundamentals you need to know to analyze (malicious) PDF documents. Didier Stevens will familiarize you with PDFiD and pdf-parser, two essential tools for PDF analysis he authored. The workshop is hands-on: bring your laptop, start the VM we provide you (VMware or VirtualBox) and you're ready to go! Contained in the Linux VM are the tools and PoC samples to do the exercises of the workshop. We start with a very simple, PoC malicious PDF file (you could even analyze this PoC file with Notepad or vi) to lay out the fundamentals, and then work through more complex examples.
Each attendee will receive a copy of a 20+ page PDF analysis document Didier Stevens authored. And yes, this document will be provided in the Portable Document Format, but hey, when you successfully complete this workshop, you will know how to identify malicious PDF files ;-)
Didier Stevens (CISSP, GSSP-C, MCSD .NET, MCSE/Security, RHCT, OSWP) is an IT Security Consultant currently working at a large Belgian financial corporation. He is employed by Contraste Europe NV, an IT Consulting Services company (www.contraste.com). You can find his open source security tools on his IT security related blog at blog.DidierStevens.com.
Didier is a well-known expert on malicious PDF documents and authored the tools PDFiD and pdf-parser to assist with the analysis of PDF documents. PDFiD is one of the engines running on VirusTotal.